item 46503067

RandomGerm4n | 1 month ago

This does not seem to work with Fedora Atomic. Because the system is read-only, the kernel module cannot be loaded. You would have to create an RPM package for the rootkit that you can then layer. In addition, due to Secure Boot, the kernel module would have to be signed with the same key as the system itself.

flipped | 1 month ago

With Secure Boot enabled, is it mandatory for kernel modules to be signed with the same key so they can be loaded? I was not aware of this.

wmf | 1 month ago

insmod can load a module from anywhere (surely /tmp is writable), even stdin. That's why you definitely want to block unknown kernel modules.

Joel_Mckay | 1 month ago

Most production OSes I saw would do this on boot-up completion:

echo 1 > /proc/sys/kernel/modules_disabled

This is supposed to block dynamic loading of modules until a reboot.

It would be interesting if the PoC can get around that trick too. =3
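The two controls discussed in this thread, the modules_disabled sysctl and the kernel's module signature enforcement, are both readable from procfs/sysfs, so a boot-completion hook or a compliance check can report on them. The script below is an added example written for this thread, not code posted by any of the commenters. It assumes the standard paths /proc/sys/kernel/modules_disabled and /sys/module/module/parameters/sig_enforce (the latter reflects the module.sig_enforce setting, which Secure Boot lockdown turns on; a module then needs a signature verifiable by a key in the kernel's trusted keyrings, not literally the distribution's own key). Each function takes an optional path argument so the logic can be exercised against constructed files instead of the live system.

```shell
#!/bin/sh
# Added example (not from the thread): report whether dynamic module loading is
# locked down on this host, and provide the one-way switch that locks it.
# Paths default to the real procfs/sysfs files; the optional argument exists so
# the functions can be run against constructed files.

# Prints "disabled" when the modules_disabled sysctl is 1, "enabled" otherwise
# (including when the file is missing, e.g. on a non-Linux test host).
module_loading_state() {
    f="${1:-/proc/sys/kernel/modules_disabled}"
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
        echo disabled
    else
        echo enabled
    fi
}

# Prints "enforced" when the kernel refuses unsigned modules
# (module.sig_enforce shows as Y in sysfs), "relaxed" otherwise.
signature_enforcement() {
    f="${1:-/sys/module/module/parameters/sig_enforce}"
    if [ -r "$f" ] && [ "$(cat "$f")" = "Y" ]; then
        echo enforced
    else
        echo relaxed
    fi
}

# One-way switch: writes 1 to modules_disabled. The kernel rejects any later
# write of 0, so the setting holds until reboot. Needs root on the real path.
disable_module_loading() {
    f="${1:-/proc/sys/kernel/modules_disabled}"
    echo 1 > "$f"
}

# Audit summary suitable for a boot-completion hook or a compliance check.
# Arguments (both optional): modules_disabled path, sig_enforce path.
audit_module_lockdown() {
    printf 'module loading: %s\n' "$(module_loading_state "$1")"
    printf 'signature enforcement: %s\n' "$(signature_enforcement "$2")"
}

# Stand-alone run: audit the live system.
audit_module_lockdown
```

Running the script as-is only reads the two files; call disable_module_loading from a late boot unit (after every legitimate module has been loaded, since the switch cannot be undone without a reboot) to apply the trick Joel_Mckay describes. Note that modules_disabled applies to root as well, which is the point: a later compromise cannot insmod anything, signed or not, until the next boot.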